What is a HIPAA Corrective Action Plan? When the Department of Health and Human Services’ (DHHS) Office for Civil Rights (OCR) determines that a covered entity or business associate has violated HIPAA, OCR may, in addition to assessing fines, take enforcement action in terms of a HIPAA corrective
